REMARKS

Claims 1-4, 6-36, and 38-67 are pending and under consideration in this application. 
Claims 1 and 65 are amended herein. Support for the amendments to claims 1 and 65 may be 
found in the claims as originally filed. Reconsideration is requested based on the foregoing 
amendment and the following remarks. 

Interview Summary 

The Applicants submit the following summary of the Office interview that took place May 
19, 2006 between the undersigned representative of the Applicants and the Examiner. 

Office Conference: 

The Applicants thank the Examiner for the many courtesies extended to the undersigned 
representative of the Applicants during the interview that took place May 19, 2006. 

Among the issues discussed during that interview were the patentability of the claims 
over the cited references and, in particular, the recitation "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule" (emphasis added). 

Although the Office urged the Applicants to amend the claims further sua sponte, the
Applicants requested that one further search be conducted for a reference disclosing the above- 
noted feature, before the claims were amended further. The Applicants are pleased to note that 
none of the further references cited in the Office Action appear to disclose this feature either, as 
discussed more fully below. Further favorable consideration is thus requested. 

Objections to the Specification: 

The Title of the Invention was objected to for being inadequately descriptive. The Title is 
substantially similar to the preambles of the independent claims, which is submitted to be 
customary. Still, in the interest of compact prosecution only, the following new Title has been 
applied to the application. Withdrawal of the objection is earnestly solicited. 

"FILTERING APPARATUS, FILTERING METHOD AND COMPUTER PROGRAM PRODUCT 
FOR ESTIMATING THE LEGALITY OF AN ACCESS REQUEST" 

Claim Rejections - 35 U.S.C. §101: 

Claim 65 was rejected under 35 U.S.C. § 101 as directed to non-statutory subject matter. 
Claim 65 was amended to recite "stored in computer readable medium," and is thus submitted
to be directed to statutory subject matter. Withdrawal of the rejection of claim 65 is earnestly
solicited. 

Claim Rejections - 35 U.S.C. § 112: 

Claim 1 was rejected under 35 U.S.C. § 112, second paragraph, as indefinite. Claim 1 
was amended to make it more definite. Withdrawal of the rejection is earnestly solicited. 

Claim Rejections - 35 U.S.C. § 102: 

Claims 1, 2, 33, 34, 65, 66, and 67 were rejected under 35 U.S.C. § 102(b) as anticipated
by U.S. Patent No. 7,051,368 to Howard et al. (hereinafter "Howard"). The rejection is traversed
to the extent it would apply to the claims as amended. Reconsideration is earnestly solicited. 

The third clause of claim 1 recites: 

A pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests estimating the "legality of an access request," 
let alone "a pattern estimation unit which estimates legality of an access request based on the 
illegal access patterns stored in the illegal pattern database and on a predetermined pattern 
estimation rule," as recited in claim 1. Howard, rather, screens input strings to identify strings
that contain attack patterns that can be used to attack a Web server. Attack patterns are not 
contained in legal access requests. In particular, as described at column 1, lines 7-12: 

This invention relates to methods and systems for screening input strings that are 
intended for use by Web servers. In particular, the invention pertains to methods 
and systems for identifying input strings that contain attack patterns that can be 
used to attack a Web server, and, in some instances, reacting to the attack 
patterns once identified. 

Since Howard screens input strings to identify attack patterns that can be used to attack a Web 
server, Howard is not estimating "legality of an access request based on the illegal access 
patterns stored in the illegal pattern database and on a predetermined pattern estimation rule," 
as recited in claim 1.

Howard, furthermore, is screening input strings. In particular, as described at column 2, 
lines 14 and 15: 

Methods and systems of screening input strings that are intended for use by a 
Web server are described.

Since Howard is screening input strings, Howard is not estimating the "legality of an access 
request," as recited in claim 1. 

Furthermore, in Howard, an input string that is intended for use by a Web server is 
received and evaluated using the search pattern to ascertain whether an attack pattern is 
present. In particular, as described at column 2, lines 20-25: 

An input string that is intended for use by a Web server is received and evaluated 
using the search pattern to ascertain whether the attack pattern is present. If an 
attack pattern is found that matches the search pattern, then a remedial action is 
implemented. 

Since Howard evaluates an input string to ascertain whether an attack pattern is present, 
Howard is not estimating the "legality of an access request," as recited in claim 1.

Finally, in Howard, an input string is evaluated using the search pattern to ascertain 
whether an attack pattern is present. In particular, as described at column 8, lines 52-67: 

A Web server input string screening method comprising:

determining an attack pattern that can be used to attack a Web server, the attack
pattern comprising content that is determined as constituting one or more of a
disclosure attack or an integrity attack on the Web server,

defining a search pattern that can be used to detect the attack pattern, the search
pattern being defined in a manner that permits variability among its constituent
parts;

receiving an input string that is intended for use by a Web server;

evaluating the input string using the search pattern to ascertain whether the
attack pattern is present; and

implementing a remedial action if an attack pattern is found that matches the
search pattern.

Since Howard evaluates an input string to ascertain whether an attack pattern is present, 
Howard is not estimating the "legality of an access request," as recited in claim 1.

The fifth clause of claim 1 recites: 

A transmission unit which controls transmission of the access request based on 
the determination result of the pattern determination unit so as to transmit the 
access request to the server when the access request is estimated to be legal. 

Howard neither teaches, discloses, nor suggests transmitting "the access request to the server 
when the access request is estimated to be legal," let alone "a transmission unit which controls 
transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as recited in claim 1. No estimate is made in Howard of the "legality of an
access request," as discussed above. Howard, rather, processes any input string as long as
there are no attack patterns present in the input string. In particular, as described at column 7, 
lines 36-45: 

Step 206 receives an input string from the client that is intended for use by the 
Web server, and step 208 evaluates the input string using one or more of the 
search patterns. Step 210 determines whether any of the attack patterns are 
present in the input string. An attack pattern is present if a match is found for the 
search pattern in the input string. If there are no attack patterns present in the 
input string, then step 212 processes the input string or request that is associated 
with the input string. 

Since Howard screens input strings to identify attack patterns that can be used to attack a Web 
server, Howard is not transmitting "the access request to the server when the access request is 
estimated to be legal," as recited in claim 1. 

Howard, furthermore, implements a remedial action if an attack pattern is identified to be 
associated with the input string. In particular, as described at column 7, lines 47-51:

If, on the other hand, there is an attack pattern that is identified to be associated 
with the input string (i.e. an attack pattern is found in the input string that matches 
the search pattern), then step 214 implements a remedial action. 

Since Howard implements a remedial action if an attack pattern is identified to be associated 
with the input string, Howard is not transmitting "the access request to the server when the 
access request is estimated to be legal," as recited in claim 1. 

Howard, finally, denies a request that is associated with the input string having an attack 
pattern. Howard does not mention treatment accorded any input string that has no attack 
patterns present in the input string. In particular, as described at column 7, lines 51-58: 

Remedial actions can be any actions that are associated with minimizing or 
eliminating the effect that an attack pattern can have on the Web server. In but 
one example, this can include denying a request that is associated with the input 
string. For example, in the case of an input string that is a URL, this could mean 
returning an error message to the client to the effect that the request could not be 
executed. 

Since Howard denies a request that is associated with the input string having an attack pattern, 
Howard is not transmitting "the access request to the server when the access request is 
estimated to be legal," as recited in claim 1. Claim 1 is submitted to be allowable. Withdrawal of 
the rejection of claim 1 is earnestly solicited. 

Claim 2 depends from claim 1 and adds further distinguishing elements. Claim 2 is thus
also submitted to be allowable. Withdrawal of the rejection of claim 2 is also earnestly solicited. 

Claims 33 and 34: 

The second clause of claim 33 recites: 

A pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests "a pattern estimation unit which estimates 
legality of an access request based on the illegal access patterns stored in the illegal pattern 
database and on a predetermined pattern estimation rule," as discussed above with respect to 
the rejection of claim 1.

The fourth clause of claim 33 recites: 

Controlling transmission of the access request based on determination result of 
the pattern determination step so as to transmit the access request to the server 
when the access request is estimated to be legal. 

Howard neither teaches, discloses, nor suggests "controlling transmission of the access request 
based on determination result of the pattern determination step so as to transmit the access 
request to the server when the access request is estimated to be legal," as also discussed 
above with respect to the rejection of claim 1. Claim 33 is submitted to be allowable for at least
those reasons discussed above with respect to the rejection of claim 1. Withdrawal of the
rejection of claim 33 is earnestly solicited. 

Claim 34 depends from claim 33 and adds further distinguishing elements. Claim 34 is 
thus also submitted to be allowable. Withdrawal of the rejection of claim 34 is also earnestly 
solicited. 

Claim 65: 

The second clause of claim 65 recites: 

Estimating legality of an access request based on the illegal access patterns 
referred to and on a predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests "estimating legality of an access request based 
on the illegal access patterns referred to and on a predetermined pattern estimation rule," as 
discussed above with respect to the rejection of claim 1.

The fourth clause of claim 65 recites:

Controlling transmission of the access request based on determination result of 
the pattern determination step so as to transmit the access request to the server 
when the access request is estimated to be legal. 

Howard neither teaches, discloses, nor suggests "controlling transmission of the access request 
based on determination result of the pattern determination step so as to transmit the access 
request to the server when the access request is estimated to be legal," as also discussed 
above with respect to the rejection of claim 1. Claim 65 is submitted to be allowable for at least
those reasons discussed above with respect to the rejection of claim 1. Withdrawal of the
rejection of claim 65 is earnestly solicited. 

Claim 66: 

The fourth clause of claim 66 recites: 

Estimating legality of an access request based on the illegal access patterns 
referred to and on a predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests "estimating legality of an access request based 
on the illegal access patterns referred to and on a predetermined pattern estimation rule," as 
discussed above with respect to the rejection of claim 1.

The fifth clause of claim 66 recites: 

Determining whether the access request is to be transmitted to the server based 
on the estimate of the legality of the access request. 

Howard neither teaches, discloses, nor suggests "determining whether the access request is to 
be transmitted to the server based on the estimate of the legality of the access request," as also 
discussed above with respect to the rejection of claim 1. Claim 66 is submitted to be allowable
for at least those reasons discussed above with respect to the rejection of claim 1. Withdrawal
of the rejection of claim 66 is earnestly solicited. 

Claim 67: 

The second clause of claim 67 recites: 

Estimating a legality of an access request based on an illegal access pattern 
stored in an illegal pattern database and on a predetermined pattern estimation 
rule. 

Howard neither teaches, discloses, nor suggests "estimating a legality of an access request 
based on an illegal access pattern stored in an illegal pattern database and on a predetermined
pattern estimation rule," as discussed above with respect to the rejection of claim 1.

The third clause of claim 67 recites: 

Determining whether the access request is to be abandoned based on the 
estimate of the legality of the access request. 

Howard neither teaches, discloses, nor suggests "determining whether the access request is to 
be transmitted to the server based on the estimate of the legality of the access request," as 
recited in claim 67. Howard, rather, denies requests associated with input strings having an 
attack pattern, as discussed above with respect to the rejection of claim 1. Claim 67 is
submitted to be allowable for at least those reasons discussed above with respect to the
rejection of claim 1. Withdrawal of the rejection of claim 67 is earnestly solicited.

Claim Rejections - 35 U.S.C. § 103: 

Claims 3, 4, 6-19, 26-30, 35, 36, 38-51, and 58-62 were rejected under 35 U.S.C. § 103 
as being unpatentable over Howard in view of US 2003/0051026 to Carter et al. (hereinafter
"Carter"). The rejection is traversed. Reconsideration is earnestly solicited. 

Claims 3, 4, 6-19 and 26-30 depend from claim 1 and add further distinguishing 
elements. Howard neither teaches, discloses, nor suggests "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "a transmission unit which 
controls transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as discussed above with respect to the rejection of claim 1. 

Carter does not either, and thus cannot make up for this deficiency of Howard with 
respect to claims 3, 4, 6-19 and 26-30. Thus, even if Howard were combined as proposed in the 
Office Action, the claimed invention would not result. 

Finally, the Office Action provides no motivation or suggestion to combine the teachings 
of Howard, Carter and Cahill as required by 35 U.S.C. § 103(a) and the M.P.E.P. §706.02(j)(D),
beyond an assertion that "(o)ne of ordinary skill in the art at the time of the invention would have 
been motivated to make the above mentioned modifications for the reasons discussed in Carter, 
Paragraph [0005]". 

In paragraph [0005], however, Carter fails to mention any reason at all to include a 
pattern estimation unit which estimates legality of an access request based on the illegal access
patterns stored in the illegal pattern database, as recited in claim 1. Thus, even if persons of 
ordinary skill in the art would have been motivated by paragraph [0005] of Carter at the time of 
the invention, there is no reason to believe the claimed invention would have been the result. 
Claims 3, 4, 6-19 and 26-30 are submitted to be allowable. Withdrawal of the rejection of claims 
3, 4, 6-19 and 26-30 is earnestly solicited. 

Claims 35, 36, 38-47, 48-51, and 58-62:

Claims 35, 36, 38-47, 48-51, and 58-62 depend from claim 33 and add further
distinguishing elements. Howard neither teaches, discloses, nor suggests "a pattern estimation 
unit which estimates legality of an access request based on the illegal access patterns stored in 
the illegal pattern database and on a predetermined pattern estimation rule," or "controlling 
transmission of the access request based on determination result of the pattern determination 
step so as to transmit the access request to the server when the access request is estimated to 
be legal," as discussed above with respect to the rejection of claim 33. 

Carter does not either, and thus cannot make up for this deficiency of Howard with 
respect to claims 35, 36, 38-47, 48-51, and 58-62. Thus, even if Howard were combined as
proposed in the Office Action, the claimed invention would not result. Claims 35, 36, 38-47,
48-51, and 58-62 are submitted to be allowable. Withdrawal of the rejection of claims 35, 36,
38-47, 48-51, and 58-62 is earnestly solicited.

Claims 31, 32, 63, and 64: 

Claims 31, 32, 63, and 64 were rejected under 35 U.S.C. § 103 as being unpatentable 
over Howard and Carter, and further in view of US 6,535,855 to Cahill et al. (hereinafter "Cahill"). 
The rejection is traversed. Reconsideration is earnestly solicited. 

Claims 31 and 32 depend from claim 1 and add further distinguishing elements. Neither 
Howard nor Carter teach, disclose, or suggest "a pattern estimation unit which estimates legality 
of an access request based on the illegal access patterns stored in the illegal pattern database 
and on a predetermined pattern estimation rule," or "a transmission unit which controls 
transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as discussed above. 

Cahill does not either, and thus cannot make up for this deficiency of Howard and Carter 
with respect to claims 31 and 32. Thus, even if Howard, Carter and Cahill were combined, as
proposed in the Office Action, the claimed invention would not result. 

Finally, the Office Action provides no motivation or suggestion to combine the teachings 
of Howard, Carter and Cahill as required by 35 U.S.C. § 103(a) and the M.P.E.P. §706.02(j)(D),
beyond an assertion that "(o)ne of ordinary skill in the art at the time of the invention would have 
been motivated to make the above mentioned modifications for the reasons discussed in Carter, 
Paragraph [0026]". 

In paragraph [0026], however, while Carter opines that monitoring and protecting network 
communication over the Internet is a major purpose of network surveillance and security 
systems, Carter fails to mention any reason at all to include a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database, as recited in claim 1. Thus, even if persons of ordinary skill in the art would
have been motivated by paragraph [0026] of Carter at the time of the invention, there's no 
reason to believe the claimed invention would be at all the result. Claims 31 and 32 are thus 
also submitted to be allowable. Withdrawal of the rejection of claims 31 and 32 is earnestly 
solicited. 

Claims 63 and 64:

Claims 63 and 64 depend from claim 33 and add further distinguishing elements.
Neither Howard nor Carter teach, disclose, or suggest "a pattern estimation unit which
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above. 

Cahill does not either, and thus cannot make up for this deficiency of Howard and Carter 
with respect to claims 63 and 64. Thus, even if Howard, Carter and Cahill were combined, as 
proposed in the Office Action, the claimed invention would not result. 

Finally, the Office Action provides no motivation or suggestion to combine the teachings 
of Fuh, Carter and Cahill as required by 35 U.S.C. § 103(a) and the M.P.E.P. §706.02(j)(D),
beyond an assertion that "(o)ne of ordinary skill in the art at the time of the invention would have 
been motivated to make the above mentioned modifications for the reasons discussed in Carter, 
Paragraph [0026]", as discussed above. Claims 63 and 64 are submitted to be allowable. 
Withdrawal of the rejection of claims 63 and 64 is earnestly solicited.

Claims 20, 21, 52 and 53:

Claims 20, 21, 52 and 53 were rejected under 35 U.S.C. § 103 as being unpatentable
over Howard in view of US Patent Application Publication 2002/0165894 to Kashani et al. 
(hereinafter "Kashani") and US Patent Application Publication 2003/0135555 to Birrel et al. 
(hereinafter "Birrel"). The rejection is traversed to the extent it might apply to the claims as 
amended. Reconsideration is earnestly solicited. 

Claims 20 and 21 depend from claim 1 and add further distinguishing elements. Howard 
neither teaches, discloses, nor suggests "a pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," or "a transmission unit which controls transmission of 
the access request based on the determination result of the pattern determination unit so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 1.

Neither Kashani nor Birrel does either, and thus cannot make up for this deficiency of
Howard with respect to claims 20 and 21. Thus, even if Howard, Kashani and Birrel were
combined as proposed in the Office Action, the claimed invention would not result. Claims 20 
and 21 are submitted to be allowable. Withdrawal of the rejection of claims 20 and 21 is 
earnestly solicited. 

Claims 52 and 53: 

Claims 52 and 53 depend from claim 33 and add further distinguishing elements. 
Howard neither teaches, discloses, nor suggests "a pattern estimation unit which estimates 
legality of an access request based on the illegal access patterns stored in the illegal pattern 
database and on a predetermined pattern estimation rule," or "controlling transmission of the 
access request based on determination result of the pattern determination step so as to transmit 
the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 33. 

Neither Kashani nor Birrel does either, and thus cannot make up for this deficiency of
Howard with respect to claims 52 and 53. Thus, even if Howard, Kashani and Birrel were 
combined as proposed in the Office Action, the claimed invention would not result. Claims 52 
and 53 are submitted to be allowable. Withdrawal of the rejection of claims 52 and 53 is 
earnestly solicited.

Claims 22-25 and 54-57: 

Claims 22-25 and 54-57 were rejected under 35 U.S.C. § 103 as being unpatentable over 
Howard in view of Carter and Kashani. The rejection is traversed. Reconsideration is earnestly 
solicited. 

Claims 22-25 depend from claim 1 and add further distinguishing elements. Howard 
neither teaches, discloses, nor suggests "a pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," or "a transmission unit which controls transmission of 
the access request based on the determination result of the pattern determination unit so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 1.

Neither Carter nor Kashani do either, and thus cannot make up for this deficiency of 
Howard with respect to claims 22-25. Thus, even if Howard, Carter and Kashani were combined 
as proposed in the Office Action, the claimed invention would not result. Claims 22-25 are 
submitted to be allowable. Withdrawal of the rejection of claims 22-25 is earnestly solicited. 

Claims 54-57: 

Claims 54-57 depend from claim 33 and add further distinguishing elements. 

Howard neither teaches, discloses, nor suggests "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 33. Neither Carter nor Kashani do either, 
and thus cannot make up for this deficiency of Howard with respect to claims 54-57. Thus, even 
if Howard, Carter and Kashani were combined as proposed in the Office Action, the claimed 
invention would not result. Claims 54-57 are submitted to be allowable. Withdrawal of the 
rejection of claims 54-57 is earnestly solicited. 

Conclusion: 

Accordingly, in view of the reasons given above, it is submitted that all of claims 1-4,
6-36, and 38-67 are allowable over the cited references. Allowance of all claims 1-4, 6-36, and
38-67 and of this entire application is therefore respectfully requested.

Finally, if there are any formal matters remaining after this response, the Examiner is 
requested to telephone the undersigned to attend to these matters. 

If there are any additional fees associated with filing of this Amendment, please charge 
the same to our Deposit Account No. 19-3935. 



Respectfully submitted, 




Thomas t. McKiernan 
Registration No. 37,889 



1201 New York Avenue, NW, 7th Floor 
Washington, D.C. 20005 
Telephone: (202)434-1500 
Facsimile: (202)434-1501 